K15889: Apache HTTP server vulnerabilities CVE-2011-3368, CVE-2011-4317, CVE-2012-0021, CVE-2012-0031, and CVE-2012-0053

Security Advisory Description CVE-2011-3368 The modproxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allo...

K15901: Apache HTTP server vulnerability CVE-2012-2687

Security Advisory Description Multiple cross-site scripting XSS vulnerabilities in the makevariantlist function in modnegotiation.c in the modnegotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web scri...

K17236: Apache HTTP server vulnerability CVE-2015-3185

Security Advisory Description The apsomeauthrequired function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass...

K15904: Multiple third-party application-server vulnerabilities

Security Advisory Description CVE-2003-1418 Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via 1 the ETag header, which reveals the inode number, or 2 multipart MIME boundary, which reveals child proccess IDs PID. CVE-2004-2320 The...

K80080243: Apache vulnerability CVE-2009-3095

Security Advisory Description The modproxyftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a...

K14733: Apache HTTP server vulnerability CVE-2013-1896

Security Advisory Description moddav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service segmentation fault via a MERGE request in which the URI is configured for handling by the moddavs...

K14734: Apache HTTP server vulnerability CVE-2013-2249

Security Advisory Description modsessiondbd.c in the modsessiondbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors...

Moderate: Red Hat Security Advisory: php:8.0 security update

An update for the php:8.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

httpd: mod_proxy_ajp: Possible request smuggling

A flaw was found in the modproxyajp module of httpd. The connection is not closed when there is an invalid Transfer-Encoding header, allowing an attacker to smuggle requests to the AJP server, where it forwards requests...

RHEL 8 : httpd:2.4 (RHSA-2023:0852)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0852 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: moddav:...

CentOS 8 : httpd:2.4 (CESA-2023:0852)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:0852 advisory. - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header valu...

ALSA-2023:0848 Moderate: php:8.0 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 8.0. BZ2161666 Security Fixes: XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cookie...

Rocky Linux 8 : httpd:2.4 (RLSA-2023:0852)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0852 advisory. - Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle...

AlmaLinux 8 : httpd:2.4 (ALSA-2023:0852)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:0852 advisory. httpd: moddav: out-of-bounds read/write of zero byte CVE-2006-20001 httpd: modproxyajp: Possible request smuggling CVE-2022-36760 httpd: modproxy: HTTP...

Security Bulletin: Vulnerabilities in Bash affect IBM FlashSystem 840 and V840 (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)

Summary Bash vulnerabilities were disclosed in September 2014. These vulnerabilities have been referred to as “Bash Bug” or “Shellshock”. Bash is used by IBM FlashSystem 840 and V840 products. Vulnerability Details The following vulnerabilities are only exploitable by users who already have...

SUSE CVE-2003-1581

The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log...

SUSE CVE-2007-1742

suexec in Apache HTTP Server httpd 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "htmlbackup" and "htmleditor" under an "html...

SUSE CVE-2007-3303

Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that 1 stop request processing by killing all worker processes and preventing creation of replacements or 2 hang the system by forcin...

SUSE CVE-2007-5000

Cross-site scripting XSS vulnerability in the 1 modimap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the 2 modimagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

SUSE CVE-2009-0796

Cross-site scripting XSS vulnerability in Status.pm in Apache::Status and Apache2::Status in modperl1 and modperl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI...